[545] in cryptography@c2.net mail archive
Re: John Kelsey's post re Protocols Workshop
daemon@ATHENA.MIT.EDU (Adam Shostack)
Tue Apr 15 11:23:10 1997
From: Adam Shostack <adam@homeport.org>
In-Reply-To: <199704150442.VAA00678@crypt.hfinney.com> from Hal Finney at "Apr 14, 97 09:42:31 pm"
To: hal@rain.org (Hal Finney)
Date: Tue, 15 Apr 1997 06:18:10 -0500 (EST)
Cc: cryptography@c2.net
Hal Finney wrote:
| > The statements from a CA flow from the CA to the key, not in reverse.
|
| The problem arises when the CA lies. When it says, "this is the key to
| use for secure communication to www.ibm.com", and gives a false key that
| it knows the secret to, it can potentially read traffic to that web site.
Or when someone lies to the CA. We are seeing HUGE problems
with identity fraud (to the point where the mainstream media has
picked up on it since there are so many victims.) With CAs
certifying such a questionable concept as identity, they're bound to
be caught up in the fraud game. I believe they have less reason to
check than credit card companies.
This is one reason I feel role-based certificates issued
locally are the only useful type of cert for the future.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume